Uncrackable DIY Pencil-and-Paper Encryption

Uncrackable DIY Pencil-and-Paper Encryption

Today we’re surrounded by massive computational power and vast communication systems. When you visit your bank’s site, you don’t think about negotiating cryptographic keys and verifying digital signatures. When you talk on a cell phone, you don’t have to worry about COMSEC (supposedly).

Not too long ago, however, a “computer” was a young woman at a desk, and cryptographic links were short messages. In this article, I’ll show you proven, uncrackable encryption scheme that can be done with pencil and paper. If properly implemented, One Time Pad encryption can be used in virtually any medium, and is still used by our favorite black helicopter organizations to conduct missions abroad.

History

What we now call one-time pad encryption (OTP) was patented by Gilbert Vernam at AT&T in 1919 and enhanced by Captain Joseph Mauborgne of the Army’s Signal Corps. The earliest military application was reported by the German Kurzwellenpanorama magazine in World War I. Later it was employed by the BBC to send coded messages to Special Operations Executive agents abroad.

The largest application of OTP has been on number stations; these unlicensed, mysterious shortwave radio stations began broadcasting during the Cold War and continue to this day. With a common, inexpensive hardware, an agent anywhere in the world can pickup a broadcast from their organization in an untraceable, uncrackable way. These stations often play musical introductions followed with either Morse code or voice recordings reading alphanumeric code. The Cornet Project has done an amazing job putting together 30 years of recordings of these stations and an informational booklet for free download. If you like spy games, be sure to check it out.

Example

I’ll use the example of a Soviet spy. In Moscow, you are issued a tiny booklet of labeled random numbers sequences; this cryptographic key book is identical to one that number station operators have. You sew it into your suit and smuggle it into West Germany. While there, you purchase a shortwave radio and, in the privacy of your flat, listen to the predetermined time and frequency. After a series of beeps, you hear the jingle of music that verifies you are listening to the correct station.

A Russian voice comes on and gives you eight numbers (shown in the table below). Using the first two to identify which code to use, you combine your encrypted message with your key to decode the name of your contact, “Egorov”. You rip out the key booklet page and throw it in your fireplace.
Here is the example from above in math form. The encrypted text is what came over the radio, the key is what was in your book.

Encrypted Text

01

03

09

07

24*

11

Key

04

04

06

11

17*

11

Decrypted Text

=5=E

=7=G

=15=O

=18=R

=15=O

=22=V

You take your encrypted text (01-03-09-07-24-11) and add the key from your book (04-04-06-11-17-11). Notice that position five the cipher text and the key sum to 17, not 41. Because there are only 26 letters, it “rotates” around to become 15 (24+17=41. 41-26=17). The encryption process at the number station simply took the message (EGOROV) and subtracted their random key from it, using the same rotating method for negative numbers.
If the key is scientifically random, in theory, the code is impossible to crack. This is because there is no correlation between how the first E is encrypted and the fifth, and a three letter code could just as easily be “CAT” or “DOG”. An OTP key is used only once, and has a key as long as the message; if a key is reused, it is possible to mount a computational attack and crack it.
Done properly, no previous messages are compromised if a single key is broken (unlike AES or PGP). Furthermore, by keeping the entire process on paper, you minimize the number of mechanism that need to be secure, and thereby reduce the attack vectors. With five minutes of training, you can apply this same system to your IM conversations, email, shortwave radio stations or SMS. Lastly, humans intuitively understand how to hide and secure things, but only conceptually understand firewalls and SSL.
A limitation of OTP is that there’s a finite number of messages that can be sent before a new set of keys need to be exchanged. Furthermore, the key exchange has to happen out-of-band and typically in person; this makes the system more inconvenient compared to PGP or AES for computer network communications. Understanding these limitations and advantages, you can build out your own cryptographic implementation easily.

Building Your Own System

Step 1 – Decide on an Alphabet

First we need to figure out how to interpret decrypted messages as English. Often messages are converted into using numbers for their ease-of-calculation in OTP. Numbers don’t have to represent just letters, as in the previous example, but also numbers, symbols, words, and syntax. While this the alphabet is not sensitive, per se, it’s usually kept with your keys. Here is an example alphabet I’ve created for text messages.

Code

Meaning

Code

Meaning

01

A

27

0

02

B

28

1

03

C

29

2

04

D

30

3

05

E

31

4

06

F

32

5

07

G

33

6

08

H

34

7

09

I

35

8

10

J

36

9

11

K

37

(space)

12

L

38

.

13

M

39

!

14

N

40

?

15

O

41

AND

16

P

42

THE

17

Q

43

WHO

18

R

44

WHAT

19

S

45

WHERE

20

T

46

WHEN

21

U

47

YES

22

V

48

NO

23

W

49

MAYBE

24

X

50

ABORT

25

Y

51

HELP

26

Z

52

(End of Message)

Step 2 – Generate Your Key Book

Now we need to generate your key book to smuggle into West Germany. Unlike Hoover’s CIA, generating 10,000 new scientifically random numbers doesn’t take a room full of agents rolling dice for a week. RANDOM.org is a free service run by the computer science department at Trinity College in Dublin, Ireland; their random numbers are generated from atmospheric noise, and is as close an approximation to random numbers as you can get without a chunk of uranium and a Geiger counter.

Step 3 – Transmit

When you transmit, you have lots of options available to you today your granddaddy didn’t. Your globally-connected encrypted pocket radio (cell phone) and SMS are fantastic systems, albeit expose your geographic location to the service provider. If you want to transmit a message to many people/agents, a Twitter or Blogger account posted to via Tor or a pre-paid cellphone create the modern day equivalent of a number station. In fact, there is at least one known bot net coordinated via an anonymous Twitter account (not encrypted, however).

That’s it, no more tools or training is required. While OTP certainly has its limitations, under the right circumstance it can outperform more sophisticated (and more difficult) cryptographic systems. Anyone with five minutes of training and a piece of paper can use the same tools the CIA, KGB, and Mossad use to conduct operations abroad. It’s up to you to learn how to apply these in your own situation, but remember that many times, the simplest tool in your arsenal is the most powerful.

Are you getting more than 14¢ of value per day from ITS?

Thanks to the generosity of our supporting members, we’ve eliminated annoying ads and obtrusive content. We want your experience here at ITS to be beneficial and enjoyable.

At ITS, our goal is to provide different methods, ideas and knowledge that could one day save your life. If you’re interested in supporting our mission and joining our growing community of supporters, click below to learn more.

Discussion

Just came across this, and was wondering does anyone beleive someone will be able to crack the codes of a numbers station any time soon given any methods we're already familiar with? A reply would be appreciated! (Yes I know this thread is a tad outdated)

If I recall correctly, the process is (you'd operate on bytes, but I'll refer to characters to mean that):

1) compose message (assume it's 120 characters)

2) generate equal size (120 ) random characters

3) calculate byte offset between #1 and #2

Result is 120 characters (bytes) of encryption.

You can calc. the offset of any 2 and get the 3rd. The random noise and the final crypto is functionally indistinguishable. I could geek out for a few more paragraphs, but you can wikipedia yourself to death outside this thread.

Awesome post. Glad the "tactical" crowd is taking this into such strong consideration.
Even the digital versions of OTP are uncrackable - granted the dictionary is kept safe.
Years ago I read "Applied Cryptography" (http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/ref=sr_1_1?ie=UTF8&qid=1300748067&sr=8-1). There's simple software examples of implementing these. It's probably not a good crypto reference unless you are a software engineer.
If I recall correctly, the process is (you'd operate on bytes, but I'll refer to characters to mean that):
1) compose message (assume it's 120 characters)
2) generate equal size (120 ) random characters
3) calculate byte offset between #1 and #2
Result is 120 characters (bytes) of encryption.
You can calc. the offset of any 2 and get the 3rd. The random noise and the final crypto is functionally indistinguishable. I could geek out for a few more paragraphs, but you can wikipedia yourself to death outside this thread.
-Sean

I'm really digging the math-whiz geniuses in the forum who know how to crack the one-time pad without a duplicate pad or occurrences! Seventy years of spook history and actual testing *poof!* obliterated by theory!

For further reading on one-time pads, as well as a cool piece of fiction, look up Neal Stephenson's Cryptonomicon for a great key generating system for when unplugged. Also, it is the "Conet" project because of the word for "end" in many Slavic languages, which were heard over the airwaves.

Great article, great site!
I'm really digging the math-whiz geniuses in the forum who know how to crack the one-time pad without a duplicate pad or occurrences! Seventy years of spook history and actual testing *poof!* obliterated by theory!
For further reading on one-time pads, as well as a cool piece of fiction, look up Neal Stephenson's Cryptonomicon for a great key generating system for when unplugged. Also, it is the "Conet" project because of the word for "end" in many Slavic languages, which were heard over the airwaves.

The easiest way to crack any agorithm is to use a statistical and dictionary word search analysis. Given enough processing power (which will come in time) this can work. There is a few ways to sidestep this. I can write in my home language (Afrikaans) which only about 4 million people can read/write! I could mix it with Dutch which is closely related and then...... do a nice algo....

One thing I felt would work with computer encryption using keys, is to have a one-time key system. Something in your residence that is 'everyone's' residence.

A telephone book, especially one from a bigger city that has more than 1200 pages. Use page number for day/date, start at the beginning of the page and use last four numbers of the phone numbers for your key. Use only residence or business listings, forget the yellow page listings.

Great article. Always been a fan of cyphers and OTP's especially.
One thing I felt would work with computer encryption using keys, is to have a one-time key system. Something in your residence that is 'everyone's' residence.
A telephone book, especially one from a bigger city that has more than 1200 pages. Use page number for day/date, start at the beginning of the page and use last four numbers of the phone numbers for your key. Use only residence or business listings, forget the yellow page listings.

The short explanation is that even if your brute force all possibilities, you have no way of telling if "XQZ" decrypts to "CAT" or "DOG". If you encrypted spaces like in the applied example, the best someone could hope to tell is that a message is 500 spaces long (but can't tell if it's padded with random data).

Most computer encryption schemes still rely on a key to decrypt all messages, and you can verify when it's broken. They're often way more practical and in practice uncrackable.

I wouldn't call this uncrackable, though. After all, since we do have computer, I could simply run the message through the various options (assuming I know something of which cypher technique you used) until I got a series of viable words. Do this enough times and I am pretty sure I could find the contents of the message (but it would take some work). Clearly I would not attempt to crack it without a computer (or a lot of time on my hands).

How fun!
I wouldn't call this uncrackable, though. After all, since we do have computer, I could simply run the message through the various options (assuming I know something of which cypher technique you used) until I got a series of viable words. Do this enough times and I am pretty sure I could find the contents of the message (but it would take some work). Clearly I would not attempt to crack it without a computer (or a lot of time on my hands).

Great article. However I believe I found a small mistake: "...it “rotates” around to become 15 (24+17=41. 41-26=17)." Last number should be 41-26= 15 instead of 17, or am I missing something? Thanks for the article.

Agreed, Carter! Cryptonomicon is A VERY COOL piece of fiction. In point of fact, it is my third favorite work of fiction ever written. It is a GREAT primer on cryptographic theories, concepts, and techniques.

Pretty sure my math is sound here, but it's been a while since crypto class in college.

Even with a computer, cracking this would be pretty damn impressive. Assuming a 52 character alphabet and a 45 character message, you'd have something like 256 bits of entropy. So, 2^256 possibilities to brute force. A high end GPU can guess maybe 500-600 million per second. So you'd be looking at around 6.3*10^60 years of searching.

Even with only twelve characters, brute forcing would take about 1000 years.

You could definitely brute force the answer, but you'd never live to see it.

All of which is moot because with a custom alphabet as above (as Andrew points out), you've got no guarantee of knowing which answer is correct.

Pretty sure my math is sound here, but it's been a while since crypto class in college.
Even with a computer, cracking this would be pretty damn impressive. Assuming a 52 character alphabet and a 45 character message, you'd have something like 256 bits of entropy. So, 2^256 possibilities to brute force. A high end GPU can guess maybe 500-600 million per second. So you'd be looking at around 6.3*10^60 years of searching.
Even with only twelve characters, brute forcing would take about 1000 years.
You could definitely brute force the answer, but you'd never live to see it.
All of which is moot because with a custom alphabet as above (as Andrew points out), you've got no guarantee of knowing which answer is correct.

Hey John,
I tried to avoid wikipedia-link overload, but here's the section that explains why it's uncrackable: http://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy
The short explanation is that even if your brute force all possibilities, you have no way of telling if "XQZ" decrypts to "CAT" or "DOG". If you encrypted spaces like in the applied example, the best someone could hope to tell is that a message is 500 spaces long (but can't tell if it's padded with random data).
Most computer encryption schemes still rely on a key to decrypt all messages, and you can verify when it's broken. They're often way more practical and in practice uncrackable.

Do you have what you need to prevail?

Shop the ITS Store for exclusive merchandise, equipment and hard to find tactical gear.